Misleading docs - web UI url's

Question

Misleading docs - web UI url's

duzenko opened this issue 3 years ago · 1 comments

Describe the bug

The docs here explicitly direct user to expect the web UI under the endpoints http://server:port/context-path/swagger-ui.html and http://server:port/context-path/v3/api-docs and as such to configure Spring security against those url's.

In reality, though, the following security config works:

				.and().authorizeRequests().antMatchers("/api-docs/**").permitAll()
				.and().authorizeRequests().antMatchers("/swagger-ui.html").permitAll()
				.and().authorizeRequests().antMatchers("/swagger-ui/**").permitAll()

Note the lack of 'v3' before api-docs.

Additionally, swagger-ui.html is redundant as it's simply redirecting to swagger-ui/index.html. It will not work unless user allows the swagger-ui/** path and swagger-ui/index.html will work already with just that path without the separate rule for swagger-ui.html.

I expect that most real-life spring projects use spring security so omitting this config step is adding headache for every new user.

Answer 1 · 2022-12-09T22:14:20.000Z

Feel free to propose a PR to update the doc